Please note: This project is no longer active. The website is kept online for historic purposes only.
If you´re looking for a Linux driver for your Atheros WLAN device, you should continue here .

Ticket #1537 (new defect)

Opened 14 years ago

Last modified 14 years ago

Meraki Mini WiSOC and no DHCP when using WPA/WPA2

Reported by: imp@harddriving.net Assigned to:
Priority: major Milestone:
Component: madwifi: other Version: trunk
Keywords: Meraki Mini WiSOC DHCP OpwnWRT Cc:
Patch is attached: 0 Pending:

Description

Hello,

Currently, WPA/WPA2 in STA mode is not working properly on the Meraki Mini (possibly la Fonera as well) using OpenWRT. For some reason, the DHCP client on the Meraki Mini does not receive the replies that the DHCP server sends. After about nine minutes, according to uptime, the DHCP packets get through and the Meraki sets its IP address.

I also noticed that ARP packets do not get through when I set the IP address manually on the Meraki. So pinging the Meraki from another computer on the network did not work until after those nine minutes have passed.

There is no problem at all when I connect the Meraki to APs with no encryption or WEP. The problem only occurs with WPA/WPA2 using either TKIP or CCMP, PSK, or 802.1x authentication.

I have tried snapshot madwifi-ng-r2568-20070710.tar.gz which is default for OpenWRT Kamikaze 7.07 and also madwifi-ng-r2568-20070829.tar.gz. Both yield the same results.

I want to mention that though it usually starts to work after nine minutes reboot, it is erratic and sometimes it works after only four minutes or longer than nine minutes. Also, reassociation (wpa_cli -i eth1 reassociate) to the AP seems to trigger the problem again.

I have an ASUS WL500-GP with OpenWRT, an Atheros 5212 card, and the same configuration as my Meraki and it does not have this problem.

Currently using OpenWRT trunk with linux kernel 2.6.22.4 and snapshot madwifi-ng-r2568-20070829.tar.gz.

Below is some debug outputs from

80211debug -i eth1 +crypto +wpa +input

00:02:6f:24:39:02 is my access point

wlan: 0.8.4.2 (svn r2695)
ath_hal: module license 'Proprietary' taints kernel.
ath_hal: 0.9.30.13 (AR5212, AR5312, RF2316, TX_DESC_SWAP)
ath_rate_minstrel: Minstrel automatic rate control algorithm 1.2 (svn r2695)
ath_rate_minstrel: look around rate set to 10%
ath_rate_minstrel: EWMA rolloff level set to 75%
ath_rate_minstrel: max segment size in the mrr set to 6000 us
wlan: mac acl policy registered
ath_ahb: 0.9.4.5 (svn r2695)
ath_pci: switching rfkill capability off
ath_pci: switching per-packet transmit power control off
wifi0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
wifi0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: H/W encryption support: WEP AES AES_CCM TKIP
wifi0: mac 11.0 phy 4.8 radio 7.0
wifi0: Use hw queue 1 for WME_AC_BE traffic
wifi0: Use hw queue 0 for WME_AC_BK traffic
wifi0: Use hw queue 2 for WME_AC_VI traffic
wifi0: Use hw queue 3 for WME_AC_VO traffic
wifi0: Use hw queue 8 for CAB traffic
wifi0: Use hw queue 9 for beacons
wifi0: Atheros 2315 WiSoC: mem=0xb0000000, irq=3

wpa_supplicant starts and has no problem authenticating. (using WPA2/CCMP/EAP-TTLS)

eth1: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 tsc 0 len 0
eth1: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 tsc 0 len 0
eth1: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 tsc 0 len 0
eth1: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 tsc 0 len 0
eth1: [ff:ff:ff:ff:ff:ff] no default transmit key (ieee80211_encap) deftxkey 65535
[eth1:00:02:6f:24:39:02] discard duplicate frame, seqno <2250,2250> fragno <0,0> tid 0
[eth1:00:02:6f:24:39:02] discard duplicate frame, seqno <2250,2250> fragno <0,0> tid 0
[eth1:00:02:6f:24:39:02] discard duplicate frame, seqno <2388,2389> fragno <0,0> tid 0
eth1: [ff:ff:ff:ff:ff:ff] no default transmit key (ieee80211_encap) deftxkey 65535
eth1: [ff:ff:ff:ff:ff:ff] no default transmit key (ieee80211_encap) deftxkey 65535
eth1: [ff:ff:ff:ff:ff:ff] no default transmit key (ieee80211_encap) deftxkey 65535
eth1: [00:02:6f:24:39:02] key id 2 is not set (decap)
eth1: [ff:ff:ff:ff:ff:ff] no default transmit key (ieee80211_encap) deftxkey 65535
eth1: [ff:ff:ff:ff:ff:ff] no default transmit key (ieee80211_encap) deftxkey 65535
eth1: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 tsc 0 len 0
eth1: [00:02:6f:24:39:02] key id 2 is not set (decap)
eth1: [00:02:6f:24:39:02] key id 2 is not set (decap)
eth1: [ff:ff:ff:ff:ff:ff] no default transmit key (ieee80211_encap) deftxkey 65535
eth1: [00:02:6f:24:39:02] key id 2 is not set (decap)
eth1: [ff:ff:ff:ff:ff:ff] no default transmit key (ieee80211_encap) deftxkey 65535
eth1: [00:02:6f:24:39:02] key id 2 is not set (decap)
eth1: [00:02:6f:24:39:02] key id 2 is not set (decap)
eth1: [00:02:6f:24:39:02] key id 2 is not set (decap)
eth1: [ff:ff:ff:ff:ff:ff] no default transmit key (ieee80211_encap) deftxkey 65535
eth1: [00:02:6f:24:39:02] key id 2 is not set (decap)
eth1: [ff:ff:ff:ff:ff:ff] no default transmit key (ieee80211_encap) deftxkey 65535
eth1: [ff:ff:ff:ff:ff:ff] no default transmit key (ieee80211_encap) deftxkey 65535
eth1: [00:02:6f:24:39:02] key id 2 is not set (decap)
eth1: [00:02:6f:24:39:02] key id 2 is not set (decap)
[eth1:00:02:6f:24:39:02] discard duplicate frame, seqno <1724,1724> fragno <0,0> tid 0
[eth1:00:02:6f:24:39:02] discard duplicate frame, seqno <1724,1724> fragno <0,0> tid 0
[eth1:00:02:6f:24:39:02] discard duplicate frame, seqno <1727,1727> fragno <0,0> tid 0
[eth1:00:02:6f:24:39:02] discard duplicate frame, seqno <1727,1727> fragno <0,0> tid 0
eth1: [00:02:6f:24:39:02] key id 2 is not set (decap)
[eth1:00:02:6f:24:39:02] discard duplicate frame, seqno <2336,2336> fragno <0,0> tid 0
eth1: ccmp_attach: unable to load kernel AES crypto support
eth1: ieee80211_crypto_setkey: AES-CCM keyix 4 flags 0x3 mac 00:02:6f:24:39:02  tsc 0 len 16
eth1: ccmp_attach: unable to load kernel AES crypto support
eth1: ieee80211_crypto_setkey: AES-CCM keyix 2 flags 0x6 mac 00:00:00:00:00:00  tsc 0 len 16
[eth1:00:02:6f:24:39:02] discard frame, multicast echo
eth1: [00:02:6f:24:39:02] AES-CCM replay detected <keyix 2, rsc 79 >
eth1: [00:02:6f:24:39:02] AES-CCM replay detected <keyix 2, rsc 80 >
eth1: [00:02:6f:24:39:02] AES-CCM replay detected <keyix 2, rsc 81 >
eth1: [00:02:6f:24:39:02] AES-CCM replay detected <keyix 2, rsc 82 >
eth1: [00:02:6f:24:39:02] AES-CCM replay detected <keyix 2, rsc 83 >
eth1: [00:02:6f:24:39:02] AES-CCM replay detected <keyix 2, rsc 84 >
eth1: [00:02:6f:24:39:02] AES-CCM replay detected <keyix 2, rsc 85 >
[eth1:00:02:6f:24:39:02] discard frame, multicast echo
eth1: [00:02:6f:24:39:02] AES-CCM replay detected <keyix 2, rsc 87 >
[eth1:00:02:6f:24:39:02] discard frame, multicast echo
eth1: [00:02:6f:24:39:02] AES-CCM replay detected <keyix 2, rsc 89 >
eth1: [00:02:6f:24:39:02] AES-CCM replay detected <keyix 2, rsc 90 >
eth1: [00:02:6f:24:39:02] AES-CCM replay detected <keyix 2, rsc 91 >
[eth1:00:02:6f:24:39:02] discard frame, multicast echo

After about nine minutes. The AES-CCM replays seem to go away. Gets IP address

[eth1:00:02:6f:24:39:02] discard frame, multicast echo
eth1: [00:02:6f:24:39:02] AES-CCM replay detected <keyix 2, rsc 726 >
eth1: [00:02:6f:24:39:02] AES-CCM replay detected <keyix 2, rsc 727 >
eth1: [00:02:6f:24:39:02] AES-CCM replay detected <keyix 2, rsc 728 >
eth1: [00:02:6f:24:39:02] AES-CCM replay detected <keyix 2, rsc 729 >
eth1: [00:02:6f:24:39:02] AES-CCM replay detected <keyix 2, rsc 730 >
eth1: ccmp_attach: unable to load kernel AES crypto support
eth1: ieee80211_crypto_setkey: AES-CCM keyix 1 flags 0x6 mac 00:00:00:00:00:00  tsc 0 len 16
[eth1:00:02:6f:24:39:02] discard frame, multicast echo
[eth1:00:02:6f:24:39:02] discard frame, multicast echo

root@OpenWrt:~# ifconfig eth1 ; uptime
eth1      Link encap:Ethernet  HWaddr 00:18:0A:01:4F:51
          inet addr:192.168.100.123  Bcast:192.168.100.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:25 errors:0 dropped:0 overruns:0 frame:0
          TX packets:178 errors:11 dropped:11 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5278 (5.1 KiB)  TX bytes:53893 (52.6 KiB)

 10:48:15 up 9 min, load average: 0.08, 0.08, 0.06

Attachments

951-rsc-endian.patch (462 bytes) - added by jhansen@cardaccess-inc.com on 03/25/08 17:20:20.
Fix endianness problem with keyrsc

Change History

03/25/08 17:19:32 changed by jhansen@cardaccess-inc.com

The following patch fixes the problem. The replay counter is initially loaded incorrectly on big-endian systems.

03/25/08 17:20:20 changed by jhansen@cardaccess-inc.com

  • attachment 951-rsc-endian.patch added.

Fix endianness problem with keyrsc